Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Impresscms Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24977 1 Impresscms 1 Impresscms 2022-02-24 7.5 HIGH 9.8 CRITICAL
ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress.
CVE-2021-28088 1 Impresscms 1 Impresscms 2021-03-12 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field.
CVE-2020-17551 1 Impresscms 1 Impresscms 2020-10-14 3.5 LOW 4.8 MEDIUM
ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution.
CVE-2018-13983 1 Impresscms 1 Impresscms 2019-05-07 4.3 MEDIUM 6.1 MEDIUM
ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php.
CVE-2008-5964 1 Impresscms 1 Impresscms 2018-10-11 6.8 MEDIUM N/A
Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2010-4616 1 Impresscms 1 Impresscms 2018-10-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearch_ContentContent parameter.
CVE-2012-0987 1 Impresscms 1 Impresscms 2017-12-01 6.0 MEDIUM N/A
Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.
CVE-2012-0986 1 Impresscms 1 Impresscms 2017-08-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) notifications.php, (2) modules/system/admin/images/browser.php, and (3) modules/content/admin/content.php.
CVE-2008-6360 1 Impresscms 1 Impresscms 2017-08-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-3453 1 Impresscms 1 Impresscms 2017-08-08 10.0 HIGH N/A
Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files."
CVE-2014-1836 1 Impresscms 1 Impresscms 2015-07-02 6.4 MEDIUM N/A
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.
CVE-2014-4036 1 Impresscms 1 Impresscms 2014-06-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action.
CVE-2010-4271 1 Impresscms 1 Impresscms 2010-11-18 7.5 HIGH N/A
SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.